Tuesday, 24 September 2013

SSL MITM PROXY

SSL Man in the Middle Proxy








Description

mitm-proxy is a Java-based SSL proxy that acts as a "man in the middle". In other words, proxied HTTPS requests are terminated by the proxy and resent to the remote webserver. The server certificates presented to the client (i.e. a web browser) are dynamically generated/signed by the proxy and contain most of the same fields as the original webserver certificate. The subject DN, serial number, validity dates, and extensions are preserved. However, the issuer DN is now set to the name of the proxy's self-signed certificate and the public/private keys of the proxy are used in creating the forged certificate. These forged certificates are cached (in memory) by the proxy, for better performance.
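
An added example, not part of the original page or of the mitm-proxy code: because the forged certificate keeps the subject DN, serial number, validity dates and extensions, a client-side check has to key on the issuer and on a fingerprint of the whole certificate. The sketch assumes a previously recorded known-good certificate; the dict layout follows Python's ssl.SSLSocket.getpeercert(), and the names classify, fingerprint and demo as well as all sample values are constructed for illustration.

```python
import hashlib

# Fields the description says the proxy copies from the real certificate.
COPIED = ("subject", "serialNumber", "notBefore", "notAfter", "subjectAltName")

def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER bytes, e.g. from getpeercert(binary_form=True)."""
    return hashlib.sha256(der).hexdigest()

def classify(pinned: dict, pinned_fp: str, seen: dict, seen_der: bytes) -> str:
    """Compare a certificate seen on the wire with a known-good record."""
    if fingerprint(seen_der) == pinned_fp:
        return "match"
    copied_same = all(pinned.get(f) == seen.get(f) for f in COPIED)
    if copied_same and pinned.get("issuer") != seen.get("issuer"):
        # Identity fields identical, signer and key replaced: re-signed copy.
        return "re-signed"
    return "different"

# Constructed sample data; the byte strings stand in for real DER encodings.
GENUINE = {
    "subject": ((("commonName", "www.example.test"),),),
    "issuer": ((("commonName", "Example Public CA"),),),
    "serialNumber": "0A1B2C",
    "notBefore": "Jan  1 00:00:00 2013 GMT",
    "notAfter": "Jan  1 00:00:00 2014 GMT",
    "subjectAltName": (("DNS", "www.example.test"),),
}
GENUINE_DER = b"constructed stand-in: genuine certificate"
RESIGNED = dict(GENUINE, issuer=((("commonName", "Proxy Self-Signed"),),))
RESIGNED_DER = b"constructed stand-in: re-signed certificate"
RENEWED = dict(GENUINE, serialNumber="0A1B2D", notAfter="Jan  1 00:00:00 2015 GMT")
RENEWED_DER = b"constructed stand-in: renewed certificate"

def demo():
    """Classify the three constructed certificates against the pinned one."""
    pin = fingerprint(GENUINE_DER)
    cases = ((GENUINE, GENUINE_DER), (RESIGNED, RESIGNED_DER), (RENEWED, RENEWED_DER))
    return [classify(GENUINE, pin, cert, der) for cert, der in cases]

if __name__ == "__main__":
    print(demo())
```

With Python's ssl module, getpeercert() returns the parsed dict only for a certificate that passed validation, while getpeercert(binary_form=True) returns the DER bytes either way, so the fingerprint comparison is the check that still works when the issuer is untrusted.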


Download

NOTE: this tool can NOT be used for any commercial purposes, as is, because it makes use of an educational/research version of the IAIK JCE library.

Usage

The mitm-proxy requires a Java runtime (1.5 or later) and has been tested on various Windows and Linux platforms. For the impatient, the included README file contains quick start instructions.
The proxy server is started from the command line in the following way:
  java mitm.MITMProxyServer [options]
 
  Where options can include:
 
   [-localHost <host name/ip>]  Default is localhost
   [-localPort <port>]          Default is 8001
   [-keyStore <file>]           Key store details for
   [-keyStorePassword <pass>]   certificates. Equivalent to
   [-keyStoreType <type>]       javax.net.ssl.XXX properties
   [-keyStoreAlias <alias>]     Default is keytool default of 'mykey'
   [-outputFile <filename>]     Default is stdout
   [-v ]                        Verbose proxy output
   [-h ]                        Print this message
  
Notes on the options:
  • keyStore is a Java KeyStore file containing a self-signed proxy certificate
    • A new self-signed proxy certificate can be created by invoking:
      keytool -genkey -keystore <your-file> -storepass <your-pass> -keyalg rsa
  • outputFile will contain the plaintext HTTP requests that are being proxied
  • Verbose proxy output includes:
    • Details about the proxied data connection's endpoints
    • The remote webserver certificate's common name field
    • The newly forged certificates
Once the proxy server is started, your web browser will need to be configured to make use of an SSL proxy, with the same host/port as above. Note that unless the proxy's certificate is imported into your browser CA certificate store, you will see warnings about untrusted server certificates.

Credits

Background:

Originally developed for use in a class project for CS255: Introduction to Cryptography, taught by Prof. Boneh in Winter 2007.
Stanford Security Lab

FROM http://crypto.stanford.edu/ssl-mitm